- From: Krzysztof Kotowicz <notifications@github.com>
- Date: Wed, 28 Oct 2020 02:18:17 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 28 October 2020 09:18:30 UTC
> I know I am standing on a very small island here but on this island, I feel, `<template shadowroot="closed">` is a terrible idea and I fail to see its usefulness versus the risks it brings. Would you agree that (if we only look at the risk of introducing sanitizer bugs), `<template shadowroot="open">` is also problematic, as there might be sanitizers (or even old DOMPurify versions) not _using_ it to inspect the input? I believe the authors want to solve for this, more generic case. I honestly think the closedness is the red herring here. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/831#issuecomment-717803593
Received on Wednesday, 28 October 2020 09:18:30 UTC